CVE-2020-37172

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 18, 2026

CWE ID

CWE-640

Source

NVD

Vendor

AVideo

Product

AVideo Platform

External References

https://avideo.com
https://github.com/WWBN/AVideo
https://www.exploit-db.com/exploits/48003
https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset

CVE-2020-37172

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment